140 matches found
Cisco Enterprise NFV Infrastructure Software Arbitrary File Read Vulnerability (CNVD-2019-38851)
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. An arbitrary file read vulnerability exists in Cisco Enterprise NFV...
PT-2019-2935 · Cisco · Cisco Enterprise Nfv Infrastructure
Name of the Vulnerable Software and Affected Versions: Cisco Enterprise NFV Infrastructure Software (NFVIS), affected versions not specified. Description: A vulnerability in the Virtual Network Computing (VNC) console implementation could allow an unauthenticated, remote attacker to access the VNC...
CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network function. The attack vector is: Loading an image from a user-controllable URL can lead to command injection, because no string sanitization is done on the URL. The fixed...
Cisco Enterprise NFV Infrastructure Software Input Validation Vulnerability (CNVD-2019-02750)
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform provides full lifecycle management of virtualization services through a central coordinator and controller. An input validation vulnerability exists ...
CVE-2018-15402
A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. The vulnerability is due to improper validation of Origin headers on HTTP requests within the management interface. An attacker...
Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
Cisco Enterprise NFV Infrastructure Software (NFVIS) is a suite of NFV infrastructure software platforms from Cisco. The platform provides full lifecycle management of virtualization services through a central coordinator and controller. A denial-of-service vulnerability exists ...
Carrier Grade Security Means … Using Carrier Grade Security
It’s a common mistake in enterprises to copy-paste security solutions from a peer. Strategies can be recycled, but sadly even very similar businesses almost always have radically different IT and security requirements. I recall one hospital that looked at a nearly identical peer hospital tha...
HPE Network Function Virtualization Director Information Disclosure Vulnerability
HPE Network Function Virtualization Director (NFVD) is a suite of NFV orchestration solutions from Hewlett Packard Enterprise (HPE), USA. It is designed to automate the management of end-to-end services across VNFs, VNF forwarding maps, and network services (NS). An information disclosure vulnerability...
CVE-2018-7071
HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3...
Command injection
In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm_agentd process. An...
CVE-2017-8191
FusionSphere OpenStack V100R006C00SPC102NFV has a weak cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...
CVE-2017-8198
FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...
Cisco Virtual Network Function Element Manager Arbitrary Command Execution Vulnerability
Cisco Virtual Network Function Element Manager is the virtual network function element manager. A security vulnerability in the Cisco Virtual Network Function Element Manager command settings allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary...
CVE-2017-6694
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839...
Security feature bypass
A vulnerability in the Virtual Network Function Manager's (VNFM) logging function of Cisco Ultra Services Platform could allow an authenticated, local attacker to view sensitive data (cleartext credentials) on an affected system. More Information: CSCvd29355. Known Affected Releases: 21.0.v0.65839...
GNU C Library (glibc) __nss_hostname_digits_dots() function vulnerable to buffer overflow ("GHOST")
Lenovo Security Advisory: LEN-2015-007 Potential Impact: Execution of Arbitrary Code Severity: High Summary: A vulnerability has been found in the GNU C Library (glibc) __nss_hostname_digits_dots function that allows both local and remote users to cause a buffer overflow in network function calls...
CVE-2006-2412
The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read)...
Buffer overflow
Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables to the client...